• The Virginia Consumer Data Protection Act (VCDPA) will be the second strongest privacy law in the U.S., modeled after California privacy laws. It is scheduled to take effect on January 1, 2023. 
  • The VCDPA is not limited to people who live in Virginia. It applies to any business that collects the data of at least 100,000 Virginia residents during a calendar year, or of at least 25,000 Virginia residents while deriving more than 50 percent of its gross revenue from the sale of personal information.
  • Under the VCDPA, consumers will have the right to access personal data that businesses collect about them, correct inaccuracies in the data, request that personal data be deleted subject to certain exceptions, and opt-in to the use of personal data and opt-out of the sale of personal data in certain circumstances.
  • For information about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) new data breach tracking tool, notified.   
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.  

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for February 26, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. Last week we talked about significant privacy changes being driven by a private company – specifically, Apple through an update in the operating system for iPhones. This week we focus on state laws that are fundamentally changing the legal and regulatory landscape across the country.

Some people of a certain age probably remember the School House Rock cartoons that, among other things, taught us about the functions of conjunctions and, more memorably, about how laws are made. The short cartoon from 1975 gives us the title of today’s episode – “I’m just a bill…sitting here on Capitol Hill.”

New Virginia Privacy Law: “Virginia Consumer Data Protection Act (VCDPA)”

By the time people listen to the podcast or read the transcript, Governor Ralph Northam of Virginia is likely to have already signed the second strongest privacy law in the country, the Virginia Consumer Data Protection Act or VCDPA. Modeled after groundbreaking California privacy laws, the Virginia Consumer Data Protection Act adds new rights for Virginia residents and obligations for businesses that collect information about people who live in the Old Dominion.

However, VCDPA is not limited to businesses based in Virginia. Like the California Consumer Privacy Act (CCPA) and the European Union’s privacy law (GDPR) before that, the VCDPA applies to any business anywhere in the world if it:

  1. Collects the personal data of at least 100,000 Virginia residents during a calendar year; or
  2. Collects the personal data of at least 25,000 Virginia residents and derives more than 50 percent of its gross revenue from the sale of personal information.

Non-profits, government agencies, and colleges and universities are exempt, along with a few institutions regulated by certain federal privacy laws.

Under the Virginia Consumer Data Protection Act, consumers will have the right to:

  • Access personal data that a business collects and uses about them;
  • Correct inaccuracies in that data;
  • Request that personal data be deleted subject to certain exceptions;
  • Opt-in to the use of sensitive data in certain circumstances, with sensitive information being personal attributes like race or sexual orientation, biometric information, children’s information, and location data.
  • Opt-out of the sale of personal information and certain automated processes based on personal data. The VCDPA also requires businesses to let individuals opt-out of the sale of personal data to third parties as well as “targeted advertising.”

When the Virginia Consumer Data Protection Act Will Take Effect

Businesses will have until January 1, 2023 – when the VCDPA goes into effect – to get ready to comply with the law, the same day California’s updated privacy law, the California Privacy Rights Act (CPRA), becomes effective. Unlike the California law, the enforcement of the Virginia law will be the exclusive jurisdiction of the state attorney general – no individual consumer lawsuits are allowed for now.

Other Privacy Laws in the Works

The January 1, 2023 date could be crowded with new state privacy laws. There are currently ten other states considering similar privacy and cybersecurity laws and two that have established study commissions that will be required to report back to their state lawmakers by 2022.

The Possibility of a Federal Privacy Law

What about a federal privacy law passed by Congress that applies uniformly across the country? Even with a new Congress, many of the same roadblocks remain from past Congresses. One side wants state laws to be overruled, and the other side wants a federal law to be a floor, not a ceiling for the states. There is also the unanswered question about the ability of individuals to file lawsuits over violations of privacy.

Contact the ITRC

If anyone has questions about how to keep their personal information private and how to protect it, they can visit www.idtheftcenter.org, where they will find helpful tips on these and many other topics.

If someone thinks they have been the victim of an identity crime or a data breach and needs help figuring out what to do next, they should contact us. People can speak with an expert advisor on the phone, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Visit www.idtheftcenter.org to get started.

Be sure to check out the most recent episode of our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.

*Updated as of 3/10/2021

  • The third round of stimulus payments is on the way. Scammers are aware, too, which means another round of scams as well.
  • Remember, the Internal Revenue Service (IRS) will not text, email or call anyone about a stimulus payment. If someone receives an unsolicited message from someone claiming to be with the IRS, it is probably a scam. Consumers should contact the IRS directly to verify before they respond. 
  • Offers that require people to pay to receive a stimulus benefit or to use a service to get a payment faster are also signs of a stimulus payment scam. 
  • Consumers can track their new stimulus checks once they are sent. They can visit the IRS “Get My Payment” page to follow their payments.
  • To learn more about stimulus payment scams or the new stimulus payment, or if someone suspects they are the victim of a stimulus scam, they can contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.

New Stimulus Payments Approved by Lawmakers 

Lawmakers voted to approve the third stimulus package since the coronavirus pandemic. The package includes a $1,400 stimulus payment for anyone who earns $75,000 or less (the payments start to phase out at $75,000), extends jobless aid supplement and programs making more people eligible for unemployment insurance, and much more.

Late in 2020, lawmakers agreed on a new stimulus package, which included a $600 stimulus payment for anyone who earned $75,000 or less. There was also a reduced payment for anyone who made $75,000-$99,000.

In the spring of 2020, the first batch of stimulus payments assisted Americans in need of financial relief due to the economic impacts of COVID-19. Criminals took advantage of the situation by offering to help benefit recipients speed access to their stimulus funds. Criminals stole checks from nursing home residents, out of people’s mailboxes, and even from postal trucks. The Identity Theft Resource Center (ITRC) saw some of those methods used to steal identity information and stimulus payments the second time around, and expects to see them again. The ITRC has also had a sharp rise in reported cases of stolen stimulus payments and stimulus payment scams.

As of March 10, 2021, the Federal Trade Commission (FTC) had logged more than 382,000 consumer complaints related to COVID-19 and stimulus payments totaling more than $366 million in losses. Two-thirds of the complaints involved fraud or identity theft. The median fraud loss per person is $325.

New stimulus checks mean more scams are on the way. With more stimulus payment fraud expected, consumers should know how to spot a scam and what to do if an identity criminal contacts them.

Possible Stimulus Payment Scams 

According to the Washington Post, researchers recently discovered a campaign of thousands of emails that sought to trick Americans into filling out a phony form to “apply” for American Rescue Plan checks from the IRS before the third stimulus package was even passed by Congress. The emails encouraged recipients to download an Excel sheet that, once downloaded, launched malicious software that steals personal banking information and other login credentials.

Criminals use different schemes to trick people, and they can be expected to do the same this time, as seen above. Here are a few things for people to watch for that indicate that someone might be the target of a stimulus payment scam:

  • Text messages and emails about stimulus payments – Criminals use text messages and emails to send malicious links in hopes that people will click on them to divulge personal information or insert malware onto someone’s device. If anyone receives a text message or email about a stimulus check or direct deposit with a link to click or a file to open, they should ignore it. It’s a scam because the IRS will not contact anyone unsolicited by text, email or phone to discuss a stimulus payment. 
  • Asked to verify financial information – The IRS will not call, text or email anyone to verify their information. If information needs to be confirmed, people will be directed to an IRS web page. This includes retirees who might not typically file a tax return.  
  • A fake check in the mail – Anyone who earns $75,000 or less will get $1,400. People who make between $75,000-$80,000 will receive a reduced amount. Anyone who gets a check and has questions about the amount, or thinks the check seems suspicious, should contact the IRS.
  • Offers for faster payments – Any claim offering payment faster through a third-party is a scam. All new stimulus checks will come from the IRS, and the IRS says there is no way to expedite a payment.  
  • Pay to get a check – No one has to pay to receive a stimulus check. New stimulus checks will be deposited directly into the same banking account used for previous stimulus payments or the most recent tax refund. If the IRS does not have someone’s direct deposit information, a check or prepaid card will be mailed to the last known address on file at the IRS.
  • Stolen checks – The ITRC has received numerous complaints from consumers about their stimulus checks being stolen. If anyone believes their payment is stolen, they should visit IDTheft.gov, where they can report, “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”

What to Do If You’re a Victim of Stimulus Payment Scams 

 If anyone believes their information may have been compromised or their stimulus payment was stolen, the IRS suggests people report it to the IRS and FTC simultaneously through IdentityTheft.gov. If anyone wants to learn more about stimulus payment scams or if someone believes they are the victim of a stimulus payment scam, they may also contact the Identity Theft Resource Center toll-free. Consumers can call (888.400.5530) or live-chat on the website. People can go to www.idtheftcenter.org to get started.

  • Approximately 56 percent of California voters passed The California Privacy Rights Act (CPRA). The law will be the toughest privacy law in the U.S. once it goes into effect in 2023.
  • California residents will have more control over what happens to their personal information when businesses collect it. Consumers from the state can also have information corrected they think is inaccurate.
  • California businesses will be required to update agreements with contractors and sub-contractors that bind them to meet the provisions of the CPRA.
  • For more information on the privacy law, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website.

California voters went to the polls to decide the fate of the strongest privacy law in the United States. After counting the ballots, Proposition 24 – The California Privacy Rights Act (CPRA) – passed and will go into effect in 2023.

Subscribe to the Weekly Breach Breakdown Podcast

Every week the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant privacy and cybersecurity news in our Weekly Breach Breakdown Podcast. This week, we look at CPRA and what it means for businesses and consumers.

How The California Privacy Rights Act Passed

Approximately 56 percent of California voters approved the privacy law. However, Big Tech and Big Privacy joined forces to oppose the proposal. The initiative was proposed to strengthen the existing state privacy law, The California Consumer Privacy Act (CCPA), in many different ways.

What Consumers Need to Know About The California Privacy Rights Act

There are a few different things for California residents to know about the CPRA:

  1. Since voters approved the CPRA and not the state legislature, it will be more difficult to amend the law in the future. The legislature must submit any proposed changes to the popularly approved law to the voters in a future election. That makes it very difficult to weaken the privacy provisions in the CPRA.
  2. The CPRA gives California residents even more control over what happens to their personal information when a business collects it. The CCPA gives residents the right to access the information companies collect about them and request it be deleted in certain circumstances. It also prohibits the sale of their information for marketing purposes. The CPRA will give consumers rights linked to sharing information – not just selling data to third parties – clarifying one of the most confusing parts of the current privacy law, the CCPA.
  3. The CPRA adds a right to correct any information that a consumer thinks is inaccurate. Californians will now have the right to opt-out of automated decision processes that use their personal information. Also, they will have the right to see how automated decision processes work.
  4. The CPRA creates a new category of personal information that California residents can access and control in certain circumstances, like sharing information with third parties. The new category is known as “sensitive personal information” and includes precise geolocation data, race, religion, sexual orientation, Social Security numbers and certain health information.
  5. Finally, the new privacy law gives consumers the right of data portability, which means someone can tell a company to share their information with another company. It is like when someone changes their mobile phone or insurance companies.

What Businesses Need to Know About The California Privacy Rights Act

Businesses will also have a host of new duties that apply to them:

  1. Companies will have to create data silos, meaning they will have to keep personal information used in marketing separate from other consumer information. Companies, especially smaller ones, are already struggling to meet the existing consumer rights of access, review, deletion and opt-out. The new provision could compound the compliance issues.
  2. The most significant change for businesses will be the requirement that companies update agreements with contractors and sub-contractors that bind them to meet the provisions of the CPRA. In past podcast episodes, the ITRC has talked about data breaches resulting from “supply chain attacks.” That is where a company has good cybersecurity, but a third-party vendor ends up breached and the company’s customer data is exposed. The requirement to update agreements with contractors and sub-contractors is designed to address supply chain attacks and clarify that everyone in the supply chain is responsible for protecting consumer information.
  3. Businesses do get some benefits in the CPRA. Employee and B2B data are exempt from the law until at least 2023, and businesses may be charged fees if consumers opt-out of data collection and sharing. That provision is the reason privacy advocates joined Big Tech companies to oppose the CPRA.

Toughest Privacy Law in the United States

The CPRA will be the toughest privacy law in the U.S. when it goes into full effect in 2023. In the meantime, state officials will propose the regulations needed to implement the new law. In the case of the CPRA, there will also be a new state agency created to enforce the new privacy law. For now, the California Attorney General will continue to enforce the existing law, CCPA.

Privacy Law Passed in Massachusetts

There was another state privacy law recently approved by a vote in Massachusetts. Car owners now have the right to see the information their car is wirelessly sharing with automakers. Approximately 75 percent of voters approved the proposal; carmakers have until 2022 to comply.


For information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified™. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.

Contact the ITRC

If you have a question about The California Privacy Rights Act, data privacy, or if you receive a breach notice and you’d like to know how to protect yourself, contact the ITRC. You can speak with an expert advisor toll-free at 888.400.5530 or by live-chat on the company website. Also, download the free ID Theft Help App to access resources, a case log and much more. 

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.  

This post will be updated as more information becomes available

UPDATE: 6/15/2020- According to the Wall Street Journal, Treasury Secretary Steven Mnuchin said the administration is “very seriously considering” a second round of stimulus checks. The proposed $3 trillion Health and Economic Recovery Omnibus Emergency Solutions, or HEROES Act, was passed by the U.S. Senate but has not been passed by the U.S. House of Representatives. It would authorize another round of stimulus payments for most U.S. households. For more information on what the HEROES Act would provide, click here.

UPDATE: 4/29/2020- Anyone who did not file a tax return for 2018 or 2019 and has dependent children must register with the IRS by Tuesday, May 5, at noon EST to get an additional $500 economic impact payment for their dependents. If anyone misses the deadline, they will have to wait until they file their 2020 tax return to get the money. For more information on how to fill out a non-filer form, and how to avoid a non-filer scam, click here.

UPDATE: 4/15/2020 – Stimulus checks have begun to be distributed and people are already seeing them show up in their bank accounts. The IRS has created a portal where people can check the status of their economic impact payment. It could take a few minutes to load the website due to overload. However, people will be able to see what day they are expected to receive their payment, as well as the payment method.

Non-filers can now also file through the IRS to get their payment sooner. To learn how to file, and how to avoid a non-filer scam click here.

UPDATE 4/13/2020 – The Treasury Department and the IRS have announced that the distribution of stimulus checks will begin this week and that most of them will be deposited directly, requiring no action. Anyone who does not typically file a tax return will need to file a simple tax return to receive their stimulus check.

If there is anyone who has not filed their 2019 tax return but did file a 2018 return, the IRS will use the information provided in the 2018 return. The Treasury also plans on creating a web-based portal where people can enter their direct-deposit information online. The stimulus checks will be available to consumers through the end of 2020. For more information, consumers can visit IRS.gov/coronavirus. To learn more about the stimulus checks, click here. For tax rules to help you fill out your 2019 taxes, click here.

ORIGINAL 3/27/2020- With the COVID-19 pandemic impacting everyone across the United States, the U.S. federal government passed the largest stimulus package ever to help minimize the financial impacts for businesses and consumers. Coronavirus stimulus checks are being mentioned in the news daily, which is leading fraudsters to come up with stimulus check scams.

While there are a lot of questions about the $2 trillion stimulus package and stimulus check payments, most consumers should not have to take any action to receive their stimulus check because the payment will be directly deposited by the IRS into their bank account from the information provided on their 2018 or 2019 tax return. Payments will begin arriving in mid-April.

If anyone receives any messages or letters regarding a government check, it is very likely a coronavirus stimulus check scam. The government will not ask anyone for their Social Security number, bank account number or credit card number; the government will also not ask anyone to pay a fee upfront to get their government check; there will not be a way to “expedite payment” through a service provider either.

If anyone did not provide their bank account information on their last tax return, the IRS will mail people their stimulus checks. There have also been discussions about the possibility of sending some payments to consumers on prepaid debit cards to speed up the process. While that is a possibility, if someone reaches out saying that they can get the stimulus payment to you on a debit/credit card, please report it to local authorities or the Internet Crime Complaint Center (IC3) to verify whether it is real or fake.

With the stimulus package passing, people can expect to see a rise in stimulus check scams. When the government ends up mailing checks and/or prepaid debit cards, people can also expect to see a rise in prepaid card scams and physical mail theft.

To avoid any of these scams, consumers should make sure they have filed their taxes and have provided their direct deposit information to the IRS in their latest tax return. Consumers should also check to see if they are qualified to receive a coronavirus stimulus check, and for how much.

Finally, if consumers receive anything that does not seem correct or something they are not expecting, they should ignore it and go directly to the source to verify its legitimacy. There is a possibility it could be a stimulus check scam.

If people have questions regarding stimulus check scams, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor. For those that cannot access the website, they can call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.


Unbeknownst to many consumers, the country’s most advanced consumer privacy act just went into effect on January 1, 2020. The California Consumer Privacy Act (CCPA) outlines some of the strongest protections for individual consumers and the companies they choose to do business with. However, some early reporting shows that a lot of people are still not aware of the new legislation.


CCPA provides new protections in the event of a data breach, new tools for consumers to find out exactly what information a company has collected and sold or shared and more. Under the CCPA, consumers also have the right to delete some personal information and opt-in for children. In the CCPA personal information is defined as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information under the CCPA does not include publicly available information.

 Companies doing business in California — whether they are located there or not, or simply have customers or users who reside in the state — must provide more than just the proof of information they have collected. If an individual consumer does not want their information sold to third parties, the CCPA states they have the right to opt-out and the companies must comply. Failure to comply could result in significant fines, penalties and damage awards of up to $7,500 per consumer.


That has been a sticking point for a number of businesses, though.

There are questions about how businesses will comply with the do not sell requirements. Some companies are claiming that if they “share” their users’ data with an outside company, they are in compliance. The supporters of the CCPA have said selling or sharing is the same thing, though companies like Facebook, CVS, Indeed and others argue their methods of providing users’ information to outsiders do not violate the CCPA.


Some of the other responsibilities of businesses include a child opt-in requirement, a website notice requirement, a duty to educate, vendor agreements, third-party transfers and cybersecurity protections to prevent a data breach. In the event of a data breach, consumers can now sue to recover up to $750 in costs per data breach. For more information about consumer rights in the event of a data breach or other CCPA rights, click here.


Though the California Consumer Privacy Act went into effect on January 1, businesses have until July 1 to comply before enforcement—and presumably, punitive action—begins. It will be interesting to see both how this plays out for businesses that make a lot of money by selling their customers’ information, and how many other states follow suit with legislation of their own.


Free Identity Theft Assistance

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

This news is currently evolving and we will update as announcements are made available.  


As this year winds down, it is important to spend a little time reflecting on the 2019 identity crimes, some of the things that went right in 2019 and the things that did not go as well. This is true for so many subjects, especially identity crime – which includes scams, fraud, data breaches, cybercrime and all of the other types of crimes that go with it.

Fallout from 2018

As in previous years, this past year has been a big one for these kinds of crimes. Tech users are still feeling the aftermath of things like the Facebook/Cambridge Analytica privacy debacle that was uncovered last year; Congress is still at work on what to do about consumer privacy in the social media age. Also, the news that phishing attacks more than doubled last year over the year before had researchers, businesses, lawmakers and consumers alike paying closer attention to the messages they receive.

What Went Right in 2019

Fortunately, new legislation has come along to make our privacy lives a little safer. The General Data Protection Regulation (GDPR) regulations went into effect in Europe last year, for example, and they inflict strict penalties on businesses that gather and store data but let it fall into the wrong hands. New laws in California and Colorado will be taking effect soon, intent on strengthening privacy and consumer choice. Best of all, the awareness of what constitutes these kinds of crimes and how to recognize them is increasing.

Top Security Incidents of 2019

However, this welcome news does not mean that consumers are safe or that hackers are finally giving up. With every new platform, tool or technology, there is even greater potential for new avenues of attack. Healthcare providers and insurance companies continued to be one of the hardest-hit targets this year, thanks to the overwhelming amount of personally identifiable information (PII) they gather. “Accidental exposure” breaches were a common 2019 identity crime for major-name companies; these happen, for example, when businesses store huge databases of private information on an online server and then fail to password-protect it. Even our entertainment was not safe, as many apps and online gaming portals suffered data breaches that were traced back to reusing passwords on multiple sites.

2019 did not just see a lot of large data breaches, but settlements as well.

Equifax Settlement

In July, Equifax reached a $700 million settlement for harms caused by their data breach. Equifax agreed to spend $425 million to help victims of the breach, leading to lots of discussion on how to file a claim.

Facebook Settlement

While the Equifax settlement was the largest in data breach history to date, Facebook blew it out of the water just two days later, as they were ordered to pay $5 billion. After the settlement, Facebook said it required a “fundamental shift” in Facebook’s approach at every level of the company in terms of their privacy.

Yahoo Settlement

A month and a half later a Yahoo data breach settlement was proposed for $117.5 million after over three billion Yahoo accounts were exposed. Identity Theft Resource Center CEO, Eva Velasquez, stated in a media alert that the settlement trend is moving the needle in the right direction for both consumers and victims. However, that was not without its challenges, including putting the onus on the consumer to tell the settlement administrators how they were harmed and provide proof of it.

10,000 Breaches Reported

This past year the Identity Theft Resource Center also recorded 10,000 publicly-notified data breaches since 2005. As part of the milestone, the ITRC took a look back at some of the top breaches of the last 15 years as part of our 10,000 Breaches Later blog series.

Minimizing Future Risks

While data breach fatigue is a recognized phenomenon, one that can occur when consumers are bombarded with constant news about their data being compromised, the flip side is the kind of paranoia that makes you want to unplug and go live off the grid. However, neither of those is the solution. What does work is an awareness of the threat and some good privacy habits to prevent crimes like the 2019 identity crimes:

We’re Here to Help

Remember, you are not responsible for the criminal behaviors of a hacker. However, you can take steps that reduce your risk of becoming a victim and help minimize the damage if the worst does occur. The Identity Theft Resource Center is always here to help. Call us toll-free at 888.400.5530 or live-chat with one of our advisors.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


A privacy law in California is changing and addresses biometric protection. As criminals find new and different ways to inflict harm, various laws have evolved over the years to address such needs. Driving laws, for example, have had to adapt to faster speeds, stronger engines, self-driving technology and cellular phones. Schools and medical offices have had to revisit their student or patient protections with the advent of computerized record keeping. Even sports organizations and their governing bodies have had to reevaluate their regulations in light of newer technologies and the studies behind sports-related injuries.

Update to the Information Practices Act of 1977

A new privacy law recently signed by California Governor Gavin Newsom highlights how that kind of change can make a huge impact on a lot of people, especially where their privacy is concerned.

In California, a privacy law, the Information Practices Act of 1977, was still the deciding factor in prosecuting or filing civil suits in privacy cases. What lawmakers knew about personally identifiable information (PII) back then, as well as what criminals could do with it, was outdated, and it was time for a fresh look.

Now, thanks to the newly signed bill, biometric data is included in the kinds of information that companies must keep secured if they are going to gather it. As more and more companies use things like fingerprints or facial recognition software for a wide variety of purposes, the burden of protecting that information falls on them.

Change Needed Due to Increase in Data Breach Incidents Exposing PII

According to the Identity Theft Resource Center, the volume of PII exposed in data breaches increased by 126% between 2017 and 2018 to more than 446 million records exposed. The bill also re-examines how people must be notified in the event of a data breach. One of the positive trends in identity theft and fraud over the past few years has been the increasingly rapid response to breach events, especially in terms of notifying consumers quickly if they were victimized.

Perhaps the most important thing for lawmakers to recognize is the fluid nature of creating laws that protect the public. There have been cases historically in which a perpetrator of a heinous act was let go simply due to the fact there was no clear law in place to punish the offender. With updates to identity theft and privacy laws, the public will now be even more secure.


The process of ending a marriage can be lengthy and painful. During the months or even years it can take to finalize things legally, a lot can happen. In an all-too-common scenario, many people discover after their initial steps towards divorce that their spouse opened new credit cards or lines of credit in their names, leaving them with thousands of dollars of coerced debt.

While it has long been a crime to steal someone’s identity, a new law in Texas will protect victims of coerced debt and allow individuals to file charges against their exes for spousal identity theft. In some cases, stealing a partner’s identity can even be prosecuted as a form of domestic violence, according to the non-profit organization Vera House.

This law is not so much “new” as it is a very important clarification. Previously, identity theft was limited to using someone’s information without their consent. In the case of divorce proceedings, it might seem obvious that one partner in the marriage did not consent for their soon-to-be ex-spouse to use their information. However, in divorces in which domestic violence has played a role, this law now covers individuals who knew their information was being used during the time they were married but were powerless to stop it for some reason, leading to coerced debt.

Coerced debt is now a crime under this law. This can include a partner who has threatened you and one who has maintained tight control over all income sources. If you are facing a divorce and your partner has established debt in your name that you did not agree to but could not prevent for some reason, you may have options under this law. A qualified attorney, victim resource center or other agency may be able to tell you more, and the Identity Theft Resource Center is always available to help anyone with concerns or questions.


Consumers have a new law in New York to thank for providing additional protection from identity theft and data breaches. The law, which was passed by the state legislature in June in response to the rash of record-breaking data breaches and updated regulations, spells out how companies must respond when a breach event occurs.

The new law in New York even applies to businesses outside of the state. If the victims of the breach are New Yorkers, the company must comply with the steps outlined in the law no matter where they are located. This can have a domino effect of sorts since disclosing the breach to those residents can help make consumers in other states aware that a breach has occurred, even if they are not going to be receiving notification letters due to their locations.

Moreover, the SHIELD Act in New York will cover biometric data, not just personally identifiable information like Social Security numbers or usernames and passwords. If a company gathers and stores things like fingerprints or blood type, that information is now considered worthy of triggering a data breach notification. In the past, different states have had different rules on what requires a notification letter, and until now, biometric data was not included in New York.

Further, the SHIELD Act will require companies to inform victims as quickly as possible that their information was compromised. If there are more than 500 victims from New York, the company is also required to inform the state’s Attorney General’s office. It also outlines which types of information require a notification letter, such as email addresses and passwords, birthdates and SSNs.

The SHIELD Act, signed last week by Governor Cuomo, goes into effect in March 2020. It is based on a lot of consumer protection concepts that were put into place in Europe under the GDPR regulations that were enacted last year. The new law in New York was also inspired in part by the Equifax data breach from a year ago, an event in which 147 million consumers had their complete identities stolen by hackers.

For its part, Equifax has now launched its claims website for consumers to find out instantly if their information has been compromised. If it has, the steps for filing a claim and seeking compensation are included on the site. The claims site can be found at EquifaxBreachSettlement.com.
